Bad news for early adopters of smartwatches: a new report from HP Fortify (PDF) examining ten of the top smartwatches on the market found that every single one of them was subject to “specific vulnerabilities” associated with OWASP’s Internet of Things Top 10.
HP doesn’t name the ten smartwatches it tested, but with so few models currently on the market it’s probably fair to say that if you’ve got one, it’ll have some sort of security issue, such as:
- Insufficient authentication/authorisation
- Insecure network services
- Lack of transport encryption
- Privacy concerns
- Insecure cloud interface
- Insecure mobile interface
- Insecure software/firmware
As the Internet of Things (IoT) continues to gain market traction – Gartner predicts that there will be more than 25 billion IoT-connected devices by 2020 – the need for wider security approaches becomes more evident. Consider the recent car hacking incident in America, for example.
BYOD and mobile device security
Organisations that support bring-your-own-device (BYOD) need to be especially wary of employees using such devices to access office networks and work systems.
IT Governance’s BYOD Policy Template Toolkit contains a complete, customisable BYOD policy and Acceptable Use Agreement, together with implementation guidance, and is usable either on its own or with any other ITGP documentation toolkit.
Fully up to date with the March 2013 official guidance on data management and security from the UK’s Information Commissioner, the BYOD Policy Template Toolkit puts affordable best practice at the fingertips of CIOs and security managers everywhere.